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Applicants request review of the final rejection in the above-identified application in the 
Final Office Action mailed January 25, 2010. No amendments are being filed with this request. 
This request is being filed with a Notice of Appeal. The review is requested for the reasons 
stated below: 

Rejections under 35 USC §112 
Claims 1-5, 7-13, 15-22, and 24-25 were rejected under 35 U.S.C. 1 12, first paragraph for 
failing to comply with the written description. In particular, the Final Office Action states "It is 
unclear where in the specification executing a second rule wherein the second rule uses the saved 
results to determine a result for the second rule." Applicant notes that a written description of 
the claimed concept may be found in several portions of the specification. For example, at page 
5, line 22, the specification provides a description of a "SetSymbol" command: 

SetSymboh Symbol in which data extracted is saved 
Further, at page 6, lines 5-7 the specification provides a description of a 
"TokenizePacketDatalTokParamSymbol" command: 

TokenizePacketDatalTokParamSymboh Complex type which holds either packet 

data extraction parameters or a symbol name which must hold saved data or a 

constant 

Additionally, FIG. 7, element 714 and the specification at page 15, lines 14-17 states: 

Further, the action may cause the results of the rule to be saved (block 714). The 
saved results may then be used by later executed rules for the same flow. This is desirable 
because it allows the context aware firewall to maintain an expected state and context for 
the network flow, (emphasis added) 
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Finally, Applicant notes that the claims form part of the specification. Claim 14 as originally 
filed provides: 

14. The system of claim 9, wherein the at least one action comprises saves the 
result of the at least one action for use in a later executed rule in the set of 
parsed protocol state rules. 

With respect to the Final Office Action's statement that "there is no reference to how the 
saved results are used later", Applicant respectfully disagrees. While the claims are not limited 
to any particular use of the saved results beyond use in a second rule, the specification provides 
as an example maintaining "an expected state and context for the network flow." 

In view of the above, there is abundant clear and literal support for the claimed concept in 
the specification to reasonably convey to one skilled in relevant art that the inventors, at the time 
the application was filed, had possession of the claimed invention. Thus the specification clearly 
meets the written description requirements. 



Re jections under 35 USC § 103 
Claims 1-5, 7-13, 15-22, and 24-25 were rejected under U.S.C. 103(a) as being 
unpatentable over Coss in view of Moir (U.S. 2002/0120720 Al) in view of Venkatachary, and 
further in view of Katz. The legal conclusion that a claim is obvious within § 103(a) depends on 
at least four underlying factual issues set forth in Graham v. John Deere Co. of Kansas City, 383 
U.S. 1, 17, 86 S.Ct. 684, 15 L.Ed.2d 545 (1966). The underlying factual issues set forth in 
Graham are as follows: (1) the scope and content of the prior art; (2) differences between the 
prior art and the claims at issue; (3) the level of ordinary skill in the pertinent art; and (4) 
evaluation of any relevant secondary considerations. To establish prima facie obviousness of a 
claimed invention, all the claim limitations must be taught or suggested, by the prior art. In re 
Royka, 490 F.2d 981, 180 USPQ 580 (CCPA 1974) ; M.P.E.P. § 2143.03. "All words in a claim 
must be considered in judging the patentability of that claim against the prior art." In re Wilson, 
424 F.2d 1382, 1385, 165 USPQ 494, 496 (CCPA 1970) ; M.P.E.P. § 2143.03. As part of 
establishing a prima facie case of obviousness, the Examiner's analysis must show that some 
objective teaching in the prior art or that knowledge generally available to one of ordinary skill 
in the art would lead an individual to combine the relevant teaching of the references. Id. To 
facilitate review, this analysis should be made explicit. KSR Int'l v. Teleflex Inc., et al, 127 S.Ct. 
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1727; 167 L.Ed 2d 705; 82 USPQ2d 1385 (2007) (citing In re Kahn, 441 F. 3d 977, 988 (Fed. 

Cir. 2006)). Applicant respectfully submits that the claims contain elements not found in the 

combination of Coss, Moir, Venkatachary and Katz, therefore in view of the differences between 

the claims and the cited combination, the claims are not obvious in view of the combination. 

For example, claims 1 , 9 and 1 8 recite that the "executing a second rule of the parsed 

protocol state rules, wherein the second rule uses the saved result to determine a result for the 

second rule." With respect to using a saved result, the Office Action states that Coss teaches 

"the at least one action comprises saving the result of the at least one action for use in a later 

executed rule" citing column 5, lines 40-42. Applicant respectfully submits Applicant's 

amended claims recite a different process than that of Coss. The cited portion of Coss states: 

Stateful packet filtering may be implemented by caching rule 
processing results for received packets, and then utilizing the 
cached results to bypass rule processing for subsequent similar 
packets. For example, the results of 45 applying a rule set to a 
packet of a given network session may be cached, such that when a 
subsequent packet from the same network session arrives in the 
firewall, the cached results from the previous packet are used for 
the subsequent packet. This avoids the need to apply the rule set to 
each 50 incoming packet , and thereby provides substantial 
performance advantages over conventional firewalls, (emphasis 
added) 

It is clear from the portion of Coss cited in the Final Office Action that while Coss may save 
data, it is not saving data for use in determining a result of a second rule executed as recited in 
Applicants' claims 1, 9 and 18. Applicant's claims recite that a second rule is executed and uses 
the result of a previous rule to determine a result for the second rule. Instead, Coss discloses 
saving the results to bypass processing further rules, not for use in determining a result of a 
second rule. Coss specifically states that the application of the rule set is avoided using the 
cached result. If rule processing is bypassed, than there is no execution of a second rule using 
the results of a previous rule. 

Applicant has reviewed Venkatachary, Moir and Katz and can find no teaching or 
suggestion of saving the result of a first rule and executing a second rule using the first result to 
determine a result for the second rule as recited in Applicant's claims 1 , 9 and 1 8. Thus the 
combination of Coss, Venkatachary, Moir and Katz fails to teach or suggest each and every 
element of claims 1 , 9 or 1 8 resulting in differences between the claimed invention and the 
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combination of Coss, Venkatachary, Moir and Katz. Therefore claims 1, 9 and 18 are not 
obvious in view of the combination. Applicant respectfully requests reconsideration and the 
withdrawal of the rejection of claims 1, 9 and 18. 

Further, Coss teaches away from Applicant's claimed invention. As discussed above, 
Applicants claims 1 , 9 and 1 8 recite saving the results of a rule for use determining a result for a 
second rule that is executed. In contrast, Coss teaches that it is desirable to avoid rule processing 
by using a cached rule result to bypass rule set execution. Therefore Coss teaches away from 
Applicants' claimed invention. As a result, there is no motivation to combine Coss with 
Venkatachary, Moir and Katz. 

In the "Response to Arguments" portion of the Final Office Action, several points are 

raised that will now be addressed. First, the Final Office Action states that "applicant is 

misinterpreting the use of the word bypass." In response, Applicant refers to the definition of 

"bypass" provided by Merriam Webster's Collegiate Dictionary, Tenth Edition, which provides: 

bypass: 1 a: to avoid by means of a bypass b: to cause to follow a bypass 2 a: to 
neglect or ignore, usu. intentionally b: circumvent 

Applicant respectfully submits that this common definition of bypass is consistent with the 

arguments provided by the Applicant, therefore there has been no misinterpretation by Applicant. 

Further, the Final Office Action states "The session key is equivalent to the rule since it 
contains the same information (Figure 3, Figure 4)" Applicant respectfully disagrees. Column 
5, lines 59-67 of Coss describe a session key as including "(i) the Internet protocol (IP) source 
address, (ii) the IP destination address, (iii) the next-level protocol, e.g., transmission control 
protocol (TCP) or universal datagram protocol (UDP), (iv) the source port associated with the 65 
protocol, and (v) the destination port associated with the protocol." The items cited are merely 
data used to uniquely identify a stream, none of the items specified as part of the session key can 
be interpreted as a rule, there is no executable component in any of the items cited as part of the 
session key. Thus the session key can in no way be interpreted as a rule because there is no 
executable component of a session key. 

The Final Office Action further states that "it could be interpreted that the cache is an 
extension of the rules since it is checked first and has its own condition (the session key) and 
then an action." Applicant respectfully disagrees. The cache described in FIG. 4 of Coss 
contains session key data, identification data and results data. As discussed above, the session 
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key is not a rule. Further, the identification data and the results data are not rules. Therefore the 
cache in Coss cannot be interpreted as a rule. 

In view of the differences between claims 1, 9 and 18 and the cited combination, claims 1, 
9 and 18 are not obvious in view of the cited combination. Claims 2-5, 7-8, 10-13, 15-17, 19-22, 
and 24-25 depend from one of claims 1, 9 and 18, and are therefore allowable based on the 
dependence from an allowable base claim. 



Applicants respectfully submit that the claims are in condition for allowance and 
notification to that effect is earnestly requested. The Examiner is invited to telephone the 
undersigned at (612) 373-6954 to facilitate prosecution of this application. 

If necessary, please charge any additional fees or credit overpayment to Deposit Account 
No. 19-0743. 



CERTIFICATE UNDER 37 CFR 1.8 : The undersigned hereby certifies that this correspondence is being filed using the 
USPTO's electronic filing system EFS-Web, and is addressed to: Mail Stop AF, Commissioner for Patents, P.O. Box 1450, 
Alexandria, VA 22313-1450 on this 25th day of June, 2010. 
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